Snort mailing list archives
Snort-inline
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 11 Mar 2003 10:06:55 -0700
A few items that I forgot to point out in the document on the snort site:

1) When running snort-inline, one must use the binary provided by snort-inline and NOT the binary provided by the normal snort build. By default, the binary will remain in the snort-inline directory unless "./configure" was run with "./configure --prefix". In that case the snort-inline binary will be in the "bin" directory of wherever the "prefix" specifies.

2) When testing snort-inline to see if it successfully drops traffic (for example, nmap scans), check your files (/var/log/messages and /var/log/snort/alert) to make sure that the event can truly be dropped. For instance: nmap -sF -sX -sS -sN will all be picked up by the stream4 preprocessor and therefore will NOT be dropped by snort-inline. However, nmap -sU will be dropped.